What are the risks of allowing programs through a firewall?

When you add a program to the list of allowed programs in a firewall, or when you open a firewall port, you allow a particular program to send information to or from your computer through the firewall. Allowing a program to communicate through a firewall (sometimes called unblocking) is like punching a hole in the firewall.

Each time you open a port or allow a program to communicate through a firewall, your computer becomes a bit less secure. The more allowed programs or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to others.

It's generally safer to add a program to the list of allowed programs than to open a port. If you open a port, it stays open until you close it, whether or not a program is using it. If you add a program to the list of allowed programs, the "hole" is open only when needed for a particular communication.

To help decrease your security risk:

Only allow a program or open a port when you really need to, and follow the steps below to remove programs from the list of allowed programs or close ports that you no longer need.

Never allow a program that you don't recognize to communicate through the firewall.

To remove a program from the list of allowed programs

Open Windows Firewall by clicking the Start button , and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

In the left pane, click Allow a program or feature through Windows Firewall.

Left pane of Windows Firewall

Click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Clear the check box next to the program you want to remove from the list of allowed programs, and then click OK.

To close a firewall port

Open Windows Firewall by clicking the Start button , and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

In the left pane, click Advanced settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules.

In the middle pane, select the rule that you want to disable, and then, in the right pane, click Disable Rule.

When you create an exception or open a port in a firewall, you allow a particular program to send information to or from your computer through the firewall. Allowing a program to communicate through a firewall (sometimes called unblocking) is like opening a tiny door in the firewall.

Each time you create an exception or open a port for a program to communicate through a firewall, your computer becomes a bit less secure. The more exceptions or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to others.

It's generally safer to create a program exception than to open a port. If you open a port, it stays open until you close it, whether or not a program is using it. If you create an exception, the "door" is open only when needed for a particular communication.

To help decrease your security risk:

Only create an exception or open a port when you really need to, and remove exceptions or close ports that you no longer need.

Never create an exception or open a port for a program that you do not recognize.